NPE during Renew super admin certificate

Question

We have an super admin certificate expired. Tried to renew it using ejbca.sh and in the last step it failed:

[jboss@63a2ea1bfbfd bin]$ ./ejbca.sh batch
./ejbca.sh: line 3: which: command not found
Use 'batch --help' for additional options.
Generating keys in directory /tmp/p12.
Generating for end entities with status NEW.
Batch generating 2 users.
java.lang.NullPointerException
at org.cesecore.configuration.GlobalConfigurationSessionBean$GlobalConfigurationCacheHolder.updateConfiguration(GlobalConfigurationSessionBean.java:281)
at org.cesecore.configuration.GlobalConfigurationSessionBean.getCachedConfiguration(GlobalConfigurationSessionBean.java:141)

Version 6.5.0-Alpha, installed on jboss 7.1.1. Any idea why this NPE?

Thanks

score 0 · Answer 1 · answered Nov 15 '21 at 18:22

0

The details of your NPE will be visible in the jboss server.log file. Details of the server side is logged there. PS: That is an extremely old version. You need to upgrade.

answered Nov 15 '21 at 18:22

primetomas

524
2
5

Gardella Juan · Accepted Answer · 2021-11-16T19:27:50.373

Thanks @primetomas, I finally fixed the issue.

The crypto token related to the admin CA was offline. The NPE mentioned in the question was solved after activate it. In order to not present that NPE and really show the exception, I have to updated at cesecore-ejb the file org.cesecore.configuration.GlobalConfigurationSessionBean to prevent NPE if caches does not contain the key.

    public void updateConfiguration(final ConfigurationBase conf, final String configId) {
    if (caches.containsKey(configId)) {
      caches.get(configId).updateConfiguration(conf);
    }else {
        System.out.println(String.format("updateConfiguration(%s) skipped as there is no cache for it ", new Object[] {configId}));
    }
}

After that fix, another NPE fixed at cesecore-common at org.cesecore.certificates.ca.X509CA:

    // Check that the certificate fulfills name constraints
if (cacert instanceof X509Certificate) {
    GeneralNames altNameGNs = null;
    String altName = "" + subject.getSubjectAltName(); // Added "" to prevent NPE later
    if(certProfile.getUseSubjectAltNameSubSet()){
        altName = certProfile.createSubjectAltNameSubSet(altName);
    }
    if (altName != null && altName.length() > 0) {
        altNameGNs = CertTools.getGeneralNamesFromAltName(altName);
    }
    CertTools.checkNameConstraints((X509Certificate)cacert, subjectDNName, altNameGNs);
}

NPE during Renew super admin certificate

2 Answers2